For both retailers and shoppers, credit card terminals offer an easy, effortless solution to paying for goods and services. Once the transaction information has been entered, it’s simply a case of keying in your PIN (or tapping for contactless), before a receipt is churned out and voilà! Easy selling without the hassle.
But what actually happens behind the scenes? Although it seems so quick and easy, it is more complex than meets the eye.
To understand the security of card terminals, we need to know the steps that take place when a card payment occurs.
- Firstly, the cardholder’s transaction details and card information are sent to the retailer’s payment processors, and then to the customer’s bank.
- Authorisation for the transaction is requested from the customer’s bank via the card issuer’s network (Amex, Mastercard, Visa etc.)
- The authorisation is sent to the payment terminal and a transaction settlement is requested.
- Once everything is reconciled, the funds are transferred to the retailer’s merchant account through Automated Clearing House and the customer’s account is debited.
Although this all sounds a little complicated, it literally happens thousands of times a minute across the UK, and takes only a few seconds.
So how secure is it?
There are still some people who worry about the security of portable card terminals. But in fact, these kinds of digital transactions are probably more secure than many traditional ways of paying for things.
Banks, payment processors and payment services providers (PSPs) are very thoroughly regulated to ensure the very highest level of security for every card payment. All transaction information going between card terminals, banks and merchant accounts is encrypted so that it can’t be tampered with.
If there is sensitive data being stored, this is also encrypted so third parties can’t access it.
Additionally, the PCI DSS (Payment Card Industry Data Security Standards) regulate and fully audit all processes and businesses across the industry, to make sure globally recognised security standards are adhered to. These standards apply to both face-to-face and online payments carried out using credit or debit card terminals. They are set and verified by an independent body called the PCI industry consortium, whose sole purpose is to make sure card payments are safe.
Modern day chip-and-PIN card payments are also far more secure than old fashioned swipe payments. This is because they require a personal PIN so the user can be identified, plus there’s a computer chip to encrypt the stored data. Swipe payments require a less secure magnetic strip and a signature, which can be very easy to forge.
Then, of course, there’s the CVV number on the back of the card, which means you actually need to have the card in your hand to make a transaction.
Finally, there’s 3D-secure authentication, which is another security system for online card payments controlled by the customer’s bank. Once a user has clicked to buy something, 3D-secure will prompt them to enter a specific code with they have chosen previously and which is known by their bank. Alternatively, a single-use code can be sent to the cardholder’s mobile phone.
If you would like to find out more about card security or how a card terminal could help your business, speak to us at United Merchant Services today. With counter top, mobile and portable machines available, we can explain the options and help you find what you need.
